1. CISPA still allows companies to share lots of sensitive and private information about our internet use with the government. The proposal amended the definition of what could be shared by taking out its explicit reference to stealing "intellectual property." But it still allows the sharing of Internet use records or the content of emails for "cybersecurity purposes" and unlike proposals drafted by Sens. Joe Lieberman and Dianne Feinstein or the Obama administration, CISPA does not require companies to even make an effort to remove information that could be tied to a specific individual.

2. CISPA still lets military agencies such as the National Security Agency directly collect the Internet records of American citizens who use the public, domestic, civilian Internet. The proposed changes state that the Department of Homeland Security should be cc'd when companies share our private details with the military and others, but this is no substitute for ensuring that a civilian agency is put in charge of collecting Americans' information.

3. CISPA still lets the government use the private information it collects about us for any purpose it deems fit outside of regulation. For four months, the draft bill has remained the same: the government can use information collected under this broad new program for "any lawful purpose" so long as a "significant purpose" of its use is a cybersecurity or national security one. But as former federal and FISA court judge James Robertson said at a congressional briefing this week, this "significant purpose" limitation is meaningless. The Patriot Act inserted this language into our foreign intelligence surveillance laws, and since then, in Judge Robertson's words, they've had a "hole you could drive a truck through."